End-of-Day report
Timeframe: Tuesday 12-09-2023 18:00 - Wednesday 13-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
News
Patch day: Attacks on Adobe Acrobat via crafted PDF files
Adobe has closed several security vulnerabilities in Acrobat and Reader, Connect and Experience Manager.
https://heise.de/-9303487
Emergency patch secures Firefox and Thunderbird against attacks
Mozilla has closed a security vulnerability in its web browsers and its mail client that attackers are already exploiting.
https://heise.de/-9303536
Microsoft Security Update Summary (12 September 2023)
On 12 September 2023, Microsoft released security updates for Windows clients and servers, for Office and for other products. The security updates fix 61 CVE vulnerabilities, two of which are 0-day vulnerabilities. Below is a compact overview of these updates [...]
https://www.borncity.com/blog/2023/09/13/microsoft-security-update-summary-12-september-2023/
Threat landscape for industrial automation systems. Statistics for H1 2023
In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%.
https://securelist.com/threat-landscape-for-industrial-automation-systems-statistics-for-h1-2023/110605/
Malware distributor Storm-0324 facilitates ransomware access
The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool [...]
https://www.microsoft.com/en-us/security/blog/2023/09/12/malware-distributor-storm-0324-facilitates-ransomware-access/
Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were released on August 23, 2023, [...]
https://thehackernews.com/2023/09/alert-new-kubernetes-vulnerabilities.html
OpenSSL 1.1.1 reaches end of life for all but the well-heeled
$50k to breathe new life into its corpse. The rest of us must move on to OpenSSL 3.0
OpenSSL 1.1.1 has reached the end of its life, making a move to a later version essential for all, bar those with extremely deep pockets.
https://go.theregister.com/feed/www.theregister.com/2023/09/12/openssl_111_end_of_life/
macOS Info-Stealer Malware 'MetaStealer' Targeting Businesses
The MetaStealer macOS information stealer has been targeting businesses to exfiltrate keychain and other valuable information.
https://www.securityweek.com/macos-info-stealer-malware-metastealer-targeting-businesses/
How Next-Gen Threats Are Taking a Page From APTs
Cybercriminals are increasingly trying to find ways to get around security, detection, intelligence and controls as APTs start to merge with conventional cybercrime.
https://www.securityweek.com/how-next-gen-threats-are-taking-a-page-from-apts/
How Three Letters Brought Down UK Air Traffic Control
The UK bank holiday weekend at the end of August is a national holiday in which it sometimes seems the entire country ups sticks and makes for somewhere with a beach. This year though, many of them couldn't, because the country's NATS air traffic system went down and stranded many to grumble in the heat of a crowded terminal. At the time it was blamed on faulty flight data, but news now emerges that the data which brought down an entire country's air traffic control may have not been faulty at all.
https://hackaday.com/2023/09/13/how-three-letters-brought-down-uk-air-traffic-control/
3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack
Attackers resorted to new ransomware after deployment of LockBit was blocked on targeted network.
https://symantec-enterprise-blogs.security.com/threat-intelligence/3am-ransomware-lockbit
White House urging dozens of countries to publicly commit to not pay ransoms
The U.S. National Security Council (NSC) is urging the governments of all countries participating in the International Counter Ransomware Initiative (CRI) to issue a joint statement announcing they will not pay ransoms to cybercriminals, according to three sources with knowledge of the plans.
https://therecord.media/counter-ransomware-initiative-members-ransom-payments-statement
September 2023 release of new Exchange Server CVEs (resolved by August 2023 Security Updates)
You may have noticed there were several new Exchange Server CVEs that were released today (a part of September 2023 'Patch Tuesday'). If you haven't yet, you can go to the Security Update Guide and filter on Exchange Server under Product Family to review CVE information. The CVEs released today were actually addressed in the August 2023 Exchange Server Security Update (SU). Due to the timing of validation of those fixes and release dates, we decided to release the CVEs as a part of September 2023 'Patch Tuesday' release cycle. We know that many customers are accustomed to checking for Microsoft security releases on the second Tuesday of every month, and we did not want these CVEs to go unnoticed.
https://techcommunity.microsoft.com/t5/exchange-team-blog/september-2023-release-of-new-exchange-server-cves-resolved-by/ba-p/3924063
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by Debian (e2guardian), Fedora (libeconf), Red Hat (dmidecode, kernel, kernel-rt, keylime, kpatch-patch, libcap, librsvg2, linux-firmware, and qemu-kvm), Slackware (mozilla), SUSE (chromium and shadow), and Ubuntu (cups, dotnet6, dotnet7, file, flac, and ruby-redcloth).
https://lwn.net/Articles/944354/
BSRT-2023-001 Vulnerabilities in Management Console and Self Service Impact AtHoc Server
https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000112406
VU#347067: Multiple BGP implementations are vulnerable to improperly formatted BGP updates
https://kb.cert.org/vuls/id/347067
PHP Shopping Cart 4.2 Multiple SQLi
https://cxsecurity.com/issue/WLB-2023090037
Cisco IOS XR Software Compression ACL Bypass Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-comp3acl-vGmp6BQ3
Cisco IOS XR Software Image Verification Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5
Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB
Cisco IOS XR Software Model-Driven Programmability Behavior with AAA Authorization
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-info-GXp7nVcP
Cisco IOS XR Software Connectivity Fault Management Denial of Service Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-cfm-3pWN8MKt
Cisco IOS XR Software Access Control List Bypass Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnx-acl-PyzDkeYF
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
K000136157 : sssd vulnerability CVE-2022-4254
https://my.f5.com/manage/s/article/K000136157?utm_source=f5support&utm_medium=RSS
Trumpf: Multiple Products affected by WIBU Codemeter Vulnerability
https://cert.vde.com/de/advisories/VDE-2023-031/
Elliptic Labs Virtual Lock Sensor Vulnerability
https://support.lenovo.com/product_security/PS500576-ELLIPTIC-LABS-VIRTUAL-LOCK-SENSOR-VULNERABILITY
Lenovo XClarity Controller (XCC) Vulnerabilities
https://support.lenovo.com/product_security/PS500578
Intel Dynamic Tuning Technology Advisory
https://support.lenovo.com/product_security/PS500577-INTEL-DYNAMIC-TUNING-TECHNOLOGY-ADVISORY